CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-0825
https://notcve.org/view.php?id=CVE-2016-0825
12 Mar 2016 — The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 20860039. La Widevine Trusted Application en Android 6.0.1 en versiones anteriores a 2016-03-01 permite a atacantes obtener información sensible del almacenamiento seguro TrustZone aprovechando el acceso al kernel, según lo demostrado mediante la obtención... • http://source.android.com/security/bulletin/2016-03-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-0831
https://notcve.org/view.php?id=CVE-2016-0831
12 Mar 2016 — The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 25778215. La función getDeviceIdForPhone en internal/telephony/PhoneSubInfoController.java en Telephony en Android 5.x en versiones anteriores a 5.1.1 LMY49H y 6.x en versiones anteriores a 2016-03-01 no ... • http://source.android.com/security/bulletin/2016-03-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2016-0829
https://notcve.org/view.php?id=CVE-2016-0829
12 Mar 2016 — The BnGraphicBufferProducer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not initialize a certain output data structure, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering a QUEUE_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338109. La función BnGraphicBufferP... • http://source.android.com/security/bulletin/2016-03-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-0820
https://notcve.org/view.php?id=CVE-2016-0820
12 Mar 2016 — The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358. El controlador del kernel MediaTek Wi-Fi en Android 6.0.1 en versiones anteriores a 2016-03-01 permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocido como error interno 26267358. • http://source.android.com/security/bulletin/2016-03-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0816
https://notcve.org/view.php?id=CVE-2016-0816
12 Mar 2016 — mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c, aka internal bug 25928803. mediaserver en Android 6.x en versiones anteriores a 2016-03-01 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un archivo multimedia manipulado, relacionado ... • http://source.android.com/security/bulletin/2016-03-01.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0830
https://notcve.org/view.php?id=CVE-2016-0830
12 Mar 2016 — btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of configuration entries, and consequently exceeding the maximum size of a configuration file, aka internal bug 26071376. btif_config.c en Bluetooth en Android 6.x en versiones anteriores a 2016-03-01 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída persistente del demonio) d... • http://source.android.com/security/bulletin/2016-03-01.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 24EXPL: 0CVE-2016-0826
https://notcve.org/view.php?id=CVE-2016-0826
12 Mar 2016 — libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted application that directly dumps, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26265403. libcameraservice en mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.x en versiones anteriores a 5.1.1 LMY49H y 6.x en v... • http://source.android.com/security/bulletin/2016-03-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-0828
https://notcve.org/view.php?id=CVE-2016-0828
12 Mar 2016 — The BnGraphicBufferConsumer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not initialize a certain slot variable, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an ATTACH_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338113. La función BnGraphicBufferConsumer::onTransact en li... • http://source.android.com/security/bulletin/2016-03-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVSS: 9.3EPSS: 0%CPEs: 24EXPL: 0CVE-2016-0819
https://notcve.org/view.php?id=CVE-2016-0819
12 Mar 2016 — The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034. El rendimiento del componente Qualcomm en Android 4.x en versiones anteriores a 4.4.4, 5.x en versiones anteriores a 5.1.1 LMY49H y 6.x en versiones anteriores a 2016-03-01 permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocido como error interno 25364034. • http://source.android.com/security/bulletin/2016-03-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 24EXPL: 0CVE-2016-0827
https://notcve.org/view.php?id=CVE-2016-0827
12 Mar 2016 — Multiple integer overflows in libeffects in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, related to EffectBundle.cpp and EffectReverb.cpp, aka internal bug 26347509. Múltiples desbordamientos de entero en libeffects en mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.x en versiones anteriores a 5.1.1 LMY49H, and 6.x en v... • http://source.android.com/security/bulletin/2016-03-01.html • CWE-189: Numeric Errors •